Prisma Finance has revealed a plan to gradually resume its operations after experiencing a hack that led to an $11.6 million loss, prompting a temporary halt of the platform on March 28th.
The restoration of borrowing features on Prisma is contingent upon garnering agreement through an ongoing community voting process.
Prisma Finance Exploited for $10 Million: Recovery Efforts and Governance Response
On March 28th, the decentralized finance (DeFi) platform Prisma Finance fell victim to an exploit resulting in the theft of approximately $10 million worth of cryptocurrencies. The exploit targeted a vulnerability in the migration zap contract, ultimately leading to a loss of around $11.6 million.
Originally designed to facilitate transitions between trove managers, the contract was manipulated to siphon assets, including wrapped-staked Ethereum (wstETH). The stolen assets were promptly converted into Ethereum (ETH), complicating efforts to trace and recover the funds.
Prisma Finance asserted that the core functionality of its protocol remained intact. The incident was isolated to the migration zap contract, thus ensuring the integrity of the overall protocol was not compromised.
In response to the breach, Prisma Finance initiated an emergency pause on all trove managers, effectively halting borrowing activities and preventing new liquidity infusion into the protocol to stabilize the situation. However, the Prisma Finance DAO swiftly launched a four-day governance vote the following day, slated to conclude on April 7.
According to the latest update, the proposal to resume borrowing activities on Prisma has received unanimous support, with a 100% “Yes” vote from participating DAO members, indicating strong community backing. Nonetheless, the final decision will be made after the voting deadline.
Users are strongly advised to revoke delegate approvals for open positions, as unpausing the protocol may entail the risk of fund loss. Previously, the protocol identified 14 accounts that had yet to revoke the affected smart contract, potentially exposing them to a combined loss of $540,000.
Plans to Resume Borrowing Activities After Exploit
On April 3rd, core contributor Frank Olson unveiled a plan to cautiously unpause the Prisma protocol, aiming to restore functionalities such as depositing liquid staking tokens (LSTs) and liquid restaking tokens (LRTs), as well as borrowing overcollateralized stablecoins.
Olson emphasized the importance of unpausing the protocol, citing its pivotal role in the recovery process and the resumption of normal operations, including full Vault management and deposits into the Stability Pool. He also underscored Prisma’s ongoing dedication to bolstering security measures, including continuous auditing services, bug bounty programs, and overall security enhancements.
In a forum post, Frank outlined Prisma Finance’s immediate response and forthcoming steps following the hack. To address the exploit, several key measures have been proposed. This includes a significant reduction in protocol-owned liquidity (POL), with the weekly POL amount set to decrease from $40,000 to $0. Moreover, the distribution to stakeholders will be affected, with the weekly amount allocated to vePRISMA holders being halved from $160,000 to $80,000.
Frank clarified that these proposed changes are not permanent but are deemed necessary for the current situation. He stated, “As new information comes in about this situation, we will also commit to revisiting these parameter changes 1 week after passage.”